Author: markt Date: Tue Sep 15 17:45:15 2009 New Revision: 815415 URL: http://svn.apache.org/viewvc?rev=815415&view=rev Log: Merge native component of fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=46950 into the 1.1.x branch
Modified: tomcat/native/branches/1.1.x/ (props changed) tomcat/native/branches/1.1.x/native/src/sslnetwork.c Propchange: tomcat/native/branches/1.1.x/ ------------------------------------------------------------------------------ svn:mergeinfo = /tomcat/native/trunk:815411 Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=815415&r1=815414&r2=815415&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original) +++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Tue Sep 15 17:45:15 2009 @@ -562,11 +562,60 @@ { tcn_socket_t *s = J2P(sock, tcn_socket_t *); tcn_ssl_conn_t *con; + int retVal; UNREFERENCED_STDARGS; TCN_ASSERT(sock != 0); con = (tcn_ssl_conn_t *)s->opaque; - return SSL_renegotiate(con->ssl); + + /* Sequence to renegotiate is + * SSL_renegotiate() + * SSL_do_handshake() + * ssl->state = SSL_ST_ACCEPT + * SSL_do_handshake() + */ + retVal = SSL_renegotiate(con->ssl); + if (retVal <= 0) + return APR_EGENERAL; + + retVal = SSL_do_handshake(con->ssl); + if (retVal <= 0) + return APR_EGENERAL; + + con->ssl->state = SSL_ST_ACCEPT; + + retVal = SSL_do_handshake(con->ssl); + if (retVal <= 0) + return APR_EGENERAL; + + return APR_SUCCESS; +} + +TCN_IMPLEMENT_CALL(void, SSLSocket, setVerify)(TCN_STDARGS, + jlong sock, + jint cverify, + jint depth) +{ + tcn_socket_t *s = J2P(sock, tcn_socket_t *); + tcn_ssl_conn_t *con; + int verify = SSL_VERIFY_NONE; + + UNREFERENCED_STDARGS; + TCN_ASSERT(sock != 0); + con = (tcn_ssl_conn_t *)s->opaque; + + if (cverify == SSL_CVERIFY_UNSET) + cverify = SSL_CVERIFY_NONE; + if (depth > 0) + SSL_set_verify_depth(con->ssl, depth); + + if (cverify == SSL_CVERIFY_REQUIRE) + verify |= SSL_VERIFY_PEER_STRICT; + if ((cverify == SSL_CVERIFY_OPTIONAL) || + (cverify == SSL_CVERIFY_OPTIONAL_NO_CA)) + verify |= SSL_VERIFY_PEER; + + SSL_set_verify(con->ssl, verify, NULL); } #else --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org